S.N. 09/930,612 
Art Unit: 2137 

REMARKS 

Applicant cancels claims 120-124, 162-174, and 179 without prejudice or 
disclaimer. Applicant amends claims 1, 104-106, 109, 111, 113, 114, 116, 125, 126, 128, 
131, 135, 140, 143-145, 149, 161, 175-178, and 180-182. Applicant adds claims 183-186. 
Consequently, claims 1, 101-119, 125-161, 175-178, and 180-186 are presently pending. 
Support for the amendments and new claims can be found, e.g., at FIG. 3; page 15, line 15, 
onwards which has extensive references to the web server 10 and the back end server 48; 
page 1, line 7; page 5, lines 1 1-26, and page 15, line 31 to page 16, line 9. 

It should be noted that the claim amendments to the independent claims are 
made to conform substantially the claims to a corresponding UK patent application, which 
has now proceeded to grant. The number of the corresponding UK patent is GB2366015B. 

In the outstanding Office Action, the Examiner (1) reiterated a restriction 
requirement; (2) objected to claims 104-106, 109, 111, 113, 114, 116, 126, 128, 131, 143- 
145, 149, 177, and 180; (3) rejected claims 175-178 and 180-182 under 35 U.S.C. §101; (4) 
rejected claims 161, 178, and 182 under 35 U.S.C. §1 12 ^2, as being indefinite; (5) rejected 
claims 1, 102-106, 109, 111, 113, 125, 127, 128, 135, 140-145, 149, 151, 153, 175-177, 180, 
and 181 under 35 U.S.C. §102(b) as being anticipated by Shiel et al. (GB 2,281,864, 
hereinafter, "Shiel"); (6) rejected claims 1 10, 112, 114-119, 126, 129-131, 150, 152, and 154- 
159 under 35 U.S.C. § 103(a) as being obvious over Shiel in view of Willmann et al. (U.S. 
Patent No. 5,521,923, hereinafter, "Willmann"); (7) rejected claims 107, 108, 132-134, 136- 
139, and 146-148 under 35 U.S.C. §103(a) as being obvious over Shiel in view of Tanaka et 
al. (U.S. Patent No. 5,539,909, hereinafter, "Tanaka"); (8) rejected claims 160 and 161 under 
35 U.S.C. § 103(a) as being obvious over Shiel in view of Willmann and in further view of 
RFC791; and (9) rejected claims 178 and 182 under 35 U.S.C. §103(a) as being obvious over 
Shiel in view of Glommen et al. (U.S. Patent No. 6,393,479, hereinafter, "Glommen"). 
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With regard to (1), Applicants elect Group I, claims 1, 102-1 19, 125-161, 
al75-178, and 180-182 without traverse. Applicants have canceled the unelected claims 120- 
124, 162-174, and 179 without prejudice or disclaimer. 

Regarding (2), appropriate amendments have been made in accordance with 
the suggestions recommended by the Examiner for claims 111, 116, 126, 131, 177, and 180. 
For claims 104-106 and 109, these claims have been amended to depend from either claim 
102 or 103, each of which discusses a "predetermined criterion" and provides antecedent 
basis for that term in claims 104-106 and 109. Similarly, for claims 143-145 and 149, these 
claims have been amended to depend from either claim 141 or 142, each of which discusses a 
"predetermined criterion" and provides antecedent basis for that term in claims 143-145 and 
149. Claims 1 13, 1 14, and 128 have been amended to add clarification to the term "the 
message". As for claim 180, Applicant has amended "said instruction" to —an instruction--. 
Applicant respectfully requests withdrawal of the objections in (2). 

With regard to the §101 rejections in (3), Applicant has amended claims 175- 
178 and 180-182 to replace the term "computer program" with —carrier medium— as 
originally recited, e.g., in claims 178 and 182. Applicant believes that "carrier medium" is 
directed to statutory subject matter and request the §101 rejection to claims 175-178 and 180- 
182 be withdrawn. 

Concerning (4), the Examiner rejected claims 161, 178, and 182 under 35 
U.S.C. §1 12 ^[2, as being indefinite. Claim 161 has been amended as follows: A method 
according to claim 160, wherein said time period is one of the following: (1) less than 2 
minutes from receipt of said communication, (2) less than 1 minute from receipt of said 
communication or (3) the shortest time possible from receipt of said communication" 
(emphases added). Regarding claims 178 and 182, the phrase "such as a floppy disc storage 
medium" has been removed. Claims 161, 178, and 182, as now clarified by amendment, 
should be found to be free of rejection under 35 U.S.C. § 1 12. These amendments are deemed 
to be cosmetic in nature, and thus was not made for a reason related to patentability, as the 
Examiner could have simply objected to these claims, and not rejected them under 35 U.S.C. 
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§ 1 12. In any event, this amendment should not be construed to impair in any way the 
application of the full range of equivalents for the claimed subject matter. 

Regarding the rejections in (5)-(9), the present invention is concerned with 
improving the security of sensitive information for an electronic commerce environment 
using an open network such as the Internet (see, e.g., page 1, lines 5 to 7 of the application). 
In particular, the present invention is concerned with ensuring that sensitive information 
accessible to a web server is not accessible to third parties (e.g., computer hackers) using the 
open communications network (e.g., the Internet). Such sensitive information may include 
credit card details or personal details such as medical record information and may be used by 
unscrupulous persons to commit theft or fraud for example (see, e.g., page 3 of the 
application). The typical approach to keeping such information secure is by providing a 
complex firewall to shield the web server from the open communications network. 

The present invention seeks to provide an approach which can keep sensitive 
information used by a web server secure. 

Accordingly, the present invention provides the data processing system as now 
claimed in claim 1. The system comprises a first processing resource in the form of a web 
server coupleable to an open communications network and a second processing resource in 
the form of a back end server coupleable to the first processing resource through non-network 
connected communications channel 50. See, e.g., page 16, lines 2-9 of the disclosure and 
FIG. 3. An example of such a communications channel is given as serial link 50 on page 30, 
lines 1 1-27, although it will be appreciated from the application text on page 16, lines 7 to 9 
that the communications channel may be a parallel connection arid may comprise a twisted 
pair, optical fibre or wireless link, for example. The use of a non-network connected 
communications channel means that sensitive data held on the second processing resource 
(i.e., comprising the back end server) is only accessible to the web server and not to third 
party computer systems connected to the open communications network. 
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Furthermore, since the second processing resource is restricted to 
implementing only predetermined allowable operations, it is typically not possible for a third 
party hacker to access the sensitive information via the web sewer and perform unallowed 
operations. For example for a web server providing access to individual medical records on a 
single record per request basis (which would typically be required by practitioners using such 
a service) the system would not allow a search for multiple records (which would be more 
useful to a hacker) to be performed since such a search would not be a predetermined 
allowable operation provided to the web server. Equivalent advantages apply for other kinds 
of web service and other kinds of sensitive data, for example financial details in the form of 
credit card details or password information (see, e.g., page 4, line 24 to page 5, line 10). 
Accordingly, compromise of the back end server is inhibited. This clearly represents a 
significant advantage of the claimed system. 

Shiel is not concerned with or directed to web server security. In particular, it 
should be noted that the system in Shiel is for a closed system in a department store and is 
concerned with sending information from the cash register network 13 to a credit card 
authorisation agency 7 via a communications apparatus 12. The Examiner has cited the card 
authorisation computer as the first processing resource. However, claim 1 as now defined 
states that the first processing resource is in the form of a web server coupleable to an open 
communications network. Accordingly, the claim is clearly novel over this document. 
Furthermore, the present invention is concerned with the security of sensitive information on 
web servers coupleable to an open communications network. In contrast, the cited document 
is concerned with the authorisation of credit cards and other cards in a closed department 
store system and the skilled person would not be motivated to consider this document when 
considering improving web server security. Accordingly, amended claim 1 is patentably 
distinguished over Shiel. 

Concerning the other independent claims, these claims have been amended to 
conform substantially to the amendments to claim 1 and the independent claims are 
patentably distinguished over the Shiel document for at least the reasons given above. 
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Concerning the documents cited against dependent claims, Willmann, Tanaka, 
Glommen, and the RFC971 document, these documents are each not concerned with web 
server security and do not teach or suggest the system of claim 1. The dependent claims are 
likewise distinguished over their respective references at least by virtue of their dependencies 
from independent claims 1, 114, 125, 140, 175, and 180. 

Based on the foregoing arguments, it should be apparent that claims 1,101- 
1 19, 125-161, 175-178, and 180-186 are thus allowable over the reference(s) cited by the 
Examiner, and the Examiner is respectfully requested to reconsider and remove the rejections. 
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